Static Scan Results
scanned 8d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/commands/map.jsView file
1import { createHash } from "node:crypto";
L2: import { execFile } from "node:child_process";
L3: import { mkdir, readFile, rename, rm, stat, writeFile } from "node:fs/promises";
...
L39: // `generate` and `checkIgnored` so the command's behavior (path mirroring, dir
L40: // creation, atomic write, ignore warning, exit codes, error messages) is
L41: // unit-tested without a network/LLM key or shelling out to git.
...
L52: return injected;
L53: const resolved = resolveLogLevels({}, { SNAG_LOG: process.env.SNAG_LOG });
L54: const levels = "error" in resolved
...
L108: return mapAndPersist(file, {
L109: cwd: deps.cwd ?? process.cwd(),
L110: engineOpts: deps.engineOpts ?? {},
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/commands/map.jsView on unpkg · L1Findings
2 Medium5 Low
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptodist/commands/map.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings